neutrality and security council actions
255
party violating the neutral status must, by that violation, gain a meaningful military advantage over the adversary. Seriousness cannot be determined in abstracto; it depends upon the circumstances ruling at the time. It may be based on either the pervasiveness of the violation or on the advantage that accrues to the violator because of that violation. For example, establishing the capability to hack into personal email accounts of low-level members of the enemy armed forces does not trigger this Rule. By contrast, assume that one of the parties to the conflict has diminished cyber capability because of the hostilities. Use by that party of neutral cyber infrastructure in order to undertake cyber operations against the enemy would trigger it. 4. Second, the exercise of belligerent rights on neutral territory by a party to the conflict must represent an immediate threat to the security of the aggrieved party and there must be no feasible and timely alternative to taking action on neutral territory.17 Therefore, the Rule only applies if the neutral State is either unwilling or unable to comply with its obligations under Rule 93. When this is the case, the aggrieved party is entitled to terminate a violation of neutrality by its adversary once the neutral State has exhausted all measures at its disposal to do so, but has been unsuccessful. Obviously, the aggrieved party may also act when the neutral State does nothing to terminate the violation. 5. Measures of self-help are subject to a requirement of prior notification that allows a reasonable time for the neutral State to address the violation. Only if the violation immediately threatens the security of the aggrieved party may that party, in the absence of any feasible and timely alternative, use such immediate force as is necessary to terminate the violation. 6. Consider the example of a belligerent that is routing cyber operations against its enemy through a server in a neutral State. The enemy State complains to the neutral State and demands that it prevent this use of its cyber infrastructure. If the neutral State fails to terminate the operations in a timely manner, the aggrieved belligerent may lawfully launch a cyber operation to destroy the server’s functionality.
Rule 95 – Neutrality and Security Council actions A State may not rely upon the law of neutrality to justify conduct, including cyber operations, that would be incompatible with 17
San Remo Manual, Rule 22.